* [FIX] Parse forwarded IP addresses when getting client IP address. …

…Related #498
nuxsmin · Mar 13, 2017 · 0339013 · 0339013
1 parent 4c91a0a
commit 0339013
Show file tree

Hide file tree

Showing 5 changed files with 24 additions and 15 deletions.
diff --git a/inc/SP/Controller/MainController.class.php b/inc/SP/Controller/MainController.class.php
@@ -607,7 +607,7 @@ public function getPublicLink()
                     $Message = new NoticeMessage();
                     $Message->setTitle(__('Enlace visualizado'));
                     $Message->addDescription(sprintf('%s : %s', __('Cuenta'), $PublicLink->getItemId()));
-                    $Message->addDescription(sprintf('%s : %s', __('Origen'), Checks::demoIsEnabled() ? '*.*.*.*' : Util::getClientAddress()));
+                    $Message->addDescription(sprintf('%s : %s', __('Origen'), Checks::demoIsEnabled() ? '*.*.*.*' : Util::getClientAddress(true)));
                     $Message->addDescription(sprintf('%s : %s', __('Agente'), Request::getRequestHeaders('HTTP_USER_AGENT')));
                     $Message->addDescription(sprintf('HTTPS : %s', Checks::httpsEnabled() ? 'ON' : 'OFF'));
 

diff --git a/inc/SP/Log/Email.class.php b/inc/SP/Log/Email.class.php
@@ -61,7 +61,7 @@ public static function sendEmail(LogMessage $LogMessage, $mailTo = '', $isEvent
         if ($isEvent === true) {
             $performer = Session::getUserData()->getUserLogin() ?: __('N/D');
             $body[] = sprintf('%s: %s', Html::strongText(__('Acción')), $LogMessage->getAction(true));
-            $body[] = sprintf('%s: %s (%s)', Html::strongText(__('Realizado por')), $performer, Util::getClientAddress());
+            $body[] = sprintf('%s: %s (%s)', Html::strongText(__('Realizado por')), $performer, Util::getClientAddress(true));
 
             $Mail->addCC(Config::getConfig()->getMailFrom());
         }

diff --git a/inc/SP/Log/Log.class.php b/inc/SP/Log/Log.class.php
@@ -178,7 +178,7 @@ public function writeLog($resetDescription = false, $resetDetails = false)
         $Data->setQuery($query);
         $Data->addParam(Session::getUserData()->getUserLogin());
         $Data->addParam(Session::getUserData()->getUserId());
-        $Data->addParam(Util::getClientAddress());
+        $Data->addParam(Util::getClientAddress(true));
         $Data->addParam(utf8_encode($this->LogMessage->getAction(true)));
         $Data->addParam($this->getLogLevel());
         $Data->addParam(utf8_encode($description));

diff --git a/inc/SP/Mgmt/PublicLinks/PublicLink.class.php b/inc/SP/Mgmt/PublicLinks/PublicLink.class.php
@@ -67,7 +67,7 @@ class PublicLink extends PublicLinkBase implements ItemInterface
     public function addLinkView()
     {
         $this->itemData->addCountViews();
-        $this->updateUseInfo(Util::getClientAddress());
+        $this->updateUseInfo(Util::getClientAddress(true));
 
         $Log = new Log();
         $LogMessage = $Log->getLogMessage();

diff --git a/inc/SP/Util/Util.class.php b/inc/SP/Util/Util.class.php
@@ -44,7 +44,7 @@ class Util
     /**
      * Generar una clave aleatoria
      *
-     * @param int  $length     Longitud de la clave
+     * @param int $length Longitud de la clave
      * @param bool $useNumbers Usar números
      * @param bool $useSpecial Usar carácteres especiales
      * @param bool $checKStrength
@@ -247,10 +247,10 @@ public static function checkUpdates()
     /**
      * Obtener datos desde una URL usando CURL
      *
-     * @param string    $url
-     * @param array     $data
+     * @param string $url
+     * @param array $data
      * @param bool|null $useCookie
-     * @param bool      $weak
+     * @param bool $weak
      * @return bool|string
      * @throws SPException
      */
@@ -488,8 +488,8 @@ public static function getMaxUpload()
      * such as 'false','N','yes','on','off', etc.
      *
      * @author Samuel Levy <[email protected]>
-     * @param mixed $in     The variable to check
-     * @param bool  $strict If set to false, consider everything that is not false to
+     * @param mixed $in The variable to check
+     * @param bool $strict If set to false, consider everything that is not false to
      *                      be true.
      * @return bool The boolean equivalent or null (if strict, and no exact equivalent)
      */
@@ -563,7 +563,7 @@ public static function getServerUrl()
     /**
      * Cast an object to another class, keeping the properties, but changing the methods
      *
-     * @param string        $class Class name
+     * @param string $class Class name
      * @param string|object $object
      * @return mixed
      * @link http://blog.jasny.net/articles/a-dark-corner-of-php-class-casting/
@@ -619,9 +619,9 @@ public static function traceLastCall($function = null)
     /**
      * Comprobar si un valor existe en un array de objetos
      *
-     * @param array  $objectArray
+     * @param array $objectArray
      * @param string $method
-     * @param mixed  $value
+     * @param mixed $value
      * @return bool
      */
     public static function checkInObjectArray(array $objectArray, $method, $value)
@@ -699,10 +699,19 @@ public static function getETA($startTime, $numItems, $totalItems)
     /**
      * Devolver la dirección IP del cliente
      *
+     * @param bool $fullForwarded Devolver la cadena de forward completa
      * @return string
      */
-    public static function getClientAddress()
+    public static function getClientAddress($fullForwarded = false)
     {
-        return Request::getRequestHeaders('X-Forwarded-For') ?: $_SERVER['REMOTE_ADDR'];
+        $forwarded = Request::getRequestHeaders('X-Forwarded-For');
+
+        if ($forwarded !== '') {
+            if (preg_match_all('/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/', $forwarded, $matches)) {
+                return $fullForwarded ? implode(',', $matches[0]) : $matches[0][0];
+            }
+        }
+
+        return $_SERVER['REMOTE_ADDR'];
     }
 }